The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust and empower users, announced the results of its 2014 Email Integrity Audit report, including its Email Trust Scorecard. Out of nearly 800 top consumer websites evaluated, OTA found only 8.3 percent of consumer facing web sites passed and thus 91.7 percent failed.

The overwhelming majority of businesses and government agencies are not following adequate steps to help ensure consumers and business partners can discern if emails coming from their domain are genuine or forged. The Scorecard measures the adoption of three critical email security protocols: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

The scorecard found emails purportedly to be from social media companies to be most trustworthy and federal agencies to be least, with all sectors failing significantly to adopt email security best practices. Specifically, the percentage of companies passing the OTA Email Trust Scorecard broke down as follows:

28 percent of the top 50 social media companies

17 percent of the top 100 financial services companies

14 percent of the top 100 Internet retail companies

6 percent of the top 50 news companies

6 percent of the top 500 Internet retailers

4 percent of the top 50 U.S. government agencies.

By utilizing email authentication, organizations can help protect their brands and consumers from receiving forged email. Both DKIM and SPF are email authentication protocols designed to detect email spoofing by providing a mechanism to allow receiving mail servers to confirm the authenticity of the email.

Building on SPF and DKIM protocols, DMARC adds a policy assertion providing receiving networks (ISPs and corporate networks) direction on how to handle messages that may fail authentication. Equally as important, DMARC provides a reporting mechanism back to the brand/domain owner.

“Over 400 million Microsoft users worldwide are realizing the benefits of SPF, DKIM and DMARC. As email threats and spear phishing grow, every business should make email authentication a priority to help protect their consumers, their employees and their brands,” said John Scarrow, General Manager Safety Services, Microsoft Corporation.

Spotlight

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Learn about personal data bankruptcy and the cost of privacy, security and compliance, delivering digital security to a mobile world, and much more.

As ISPs, hosting providers and online enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?”

The code redirects visitors to another URL where the Fiesta exploit kit is hosted, which then tries to detect and exploit several vulnerabilities in various software. If it succeeds, the visitors are saddled with a banking Trojan.

Looking for an Android-based tablet for your child but don't know which one to choose? If you are concerned about the device's protection against random hackers, Bluebox Security has just released a review of the nine most popular Android tablet models aimed specifically at children.